Posts by Thomas Lilja

Newcomers to password cracking should learn that in 1991 the 1st well-known password cracker, @alecmuffett.bsky.social's Crack, introduced applying rules & permutations to dictionary words, such as substituting numbers for letters, reversing words, appending digits, & other common user habits. 1/3

1 year ago 42 15 3 3
Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions Cyber Decision Diagrams, a free tool designed to help organizations manage complex decisions related to ICS/OT cybersecurity. 

Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions

1 year ago 3 1 0 0
The Ultimate Guide to Sigma Rules Sigma rules are an open-source, platform agnostic format for building high-fidelity detections and engaging in proactive threat hunting so you can mature your security posture and overcome the cyberse...

Leveraging the capabilities of #Sigmarules can help optimize your log management solution for #security detection & response!

Learn about:
❓Why you should use them
📂Specific use cases
🦴Anatomy of a Sigma rule
🔍 Sigma rule event processing for adv. detection capabilities

graylog.org/post/the-ult...

1 year ago 3 1 1 0

I’d love one. 😊

1 year ago 1 0 1 0
Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension

An attacker successfully phished a Cyberhaven employee.

They gained access to their Chrome Web Store admin credentials and published a malicious version of the Cyberhaven extension.

Read my full writeup here:

www.vulnu.com/p/breaking-c...

Thanks @jaimeblascob.bsky.social and @johntuckner.me

1 year ago 40 17 0 0
motivational poster that says "there is no AI in TEAM"

I'm going to revolutionize the motivational industry

1 year ago 94 21 7 3

PSA: upgrade your FortiOS devices, they’re hiding a zero day again.

1 year ago 37 13 7 2
US Water Facilities Urged to Secure Access to Internet-Exposed HMIs EPA and CISA urge organizations in the water and wastewater systems sector to harden remote access to internet-exposed HMIs.

US Water Facilities Urged to Secure Access to Internet-Exposed HMIs

1 year ago 3 1 0 0
New Attacks Exploit VSCode Extensions and npm Packages Malicious campaigns targeting VSCode extensions have recently expanded to npm, risking software supply chains

New Attacks Exploit VSCode Extensions and npm Packages

1 year ago 0 1 0 0

So you want to be a SOC analyst?

Well, then this is for you…

1 year ago 3 0 0 0

Seeing as many security programs evaluate their coverage against MITRE ATT&CK, it’s interesting to see the same being done for the products they rely on.

1 year ago 2 0 0 0

🙄

1 year ago 3 0 1 0

📢 ⬇️

1 year ago 815 494 3 8

Impressive indeed. But would it be enough to make Windows search usable? 🤔

1 year ago 0 0 0 0

This is brilliant! 😬🛬

1 year ago 0 0 0 0

I have been informed by my immigration firm I need to rapidly overcome burnout and depression and publish, publish, publish, knocked out a 15 page academic white paper yesterday and 8 page one today. If your publication needs something on industrial cybersecurity… 🙏💜

1 year ago 166 28 10 1
NIST issues updated cyber guides focused on assessments and communication Two new volumes were released by the National Institute of Standards and Technology that aim to broaden the publication’s applicability to organizations outside federal agencies.

NIST issues updated cyber guides focused on assessments and communication www.nextgov.com/cybersecurity/2024/12/ni...

1 year ago 4 1 0 0

We dodged the bullet once more. For the love of god why won’t they give up this madness.

1 year ago 0 0 0 0

Anyone here in ICS, OT, SCADA security that I missed and need to add?

1 year ago 8 7 1 0
Internet Archive | Manager - Patron Services The Internet Archive is looking for an outstanding individual to lead our Patron Services team. The Patron Services team operates similarly to customer service, quality assurance, trust and safety or ...

Ever wanted to help advance the Internet Archive's mission of "Universal Access to All Knowledge"?

We are hiring the manager of our Patron Services team.

For more information please see this job listing ⤵️
app.trinethire.com/companies/32...

1 year ago 708 184 3 2
Destructive Malware: Threat Detection and Incident Response Destructive malware makes systems, devices, and data unusable to interrupt operations. With appropriate threat detection and incident response, organizations can mitigate destructive malware's impact...

Are you prepared to combat destructive #malware? ☠️⚠️

Trojans, worms, #ransomware & #botnets are all types of destructive malware that can wreak havoc on your systems. 😰

Learn about the motivations behind deploying it, how it works, & how #TDIR can help. 🛡️

graylog.org/post/destruc... #cybersecurity

1 year ago 1 1 0 0

Finding out is the gravity of the fucking around universe. There’s just no fighting it.

1 year ago 3 0 0 0

Watch out for rogue browser extensions synced to your enterprise devices by compromised personal accounts. 🔥

1 year ago 60 15 0 0
ALT: a man in a leather jacket is riding a motorcycle

And so it begins…

1 year ago 1 0 0 0

So, you disappeared Elite James Bond number of messages? 😬

1 year ago 0 0 0 0

Ever found yourself needing to decompress Windows 10/11 swap but lacked proper tooling?

If so, this is for you…

1 year ago 0 0 0 0

DDoSecrets has released Library of Leaks, an online database of millions of hacked and leaked documents

search.libraryofleaks.org

1 year ago 95 32 3 3
EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1 For red teams and adversary alike it’s important to stay hidden. As many companies nowadays have EDR agents deployed those agents are always in focus and tools like EDRSilencer or EDRSandblast use…

🛡️Windows Firewall and WFP are only two ways to silence an #EDR agent.
📢In my latest blog post I discuss another network based technique to prevent data ingest and ways to detect it.

And if you want even more, check out part 2 released by @Cyb3rMonk. Link in the post.

1 year ago 21 10 0 0
EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2 Alternative methods for EDR Silencers for blocking EDR communication to disable defenses.

[NEW BLOG]
EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2

In collaboration with @fabian.bader.cloud

academy.bluraven.io/blog/edr-sil...

#redteam

1 year ago 16 5 1 0